17:48:32jonas’so you need to either specify some kind of chunking (then the question: how to deal with missing chunks? see the vulnerabilities in IP fragmentation implementations to get an idea of why this question is important and non-trivial) or set an upper limit which is sane

18:05:16moparisthebest10 day TTL on that SRV record, so the fix needs to be make that a direct TLS port, not remove the SRV

18:05:21jonas’the first error I showed you is from a tool to monitor c2s/s2s connectivity on both direct TLS and STARTTLS. it can even do XMPP pings if you give it credentials. it’ll also check whether expected SASL mechanisms are there.